Oracle SQL: GRANT

Grant privileges on columns

Create two users

Create two users for an example that is supposed to demonstrate privileges on columns

connect / as sysdba

create user usr_1
       identified by pw_1
       default tablespace data
       quota unlimited on data;

create user usr_2
       identified by pw_2;

grant  connect,
       create table
    to usr_1;

grant  connect
    to usr_2;

Github repository Oracle-patterns, path: /SQL/grant/users-create.sql

Create a table

A table is created.

Add a couple of records.

USR_2 is allowed to select from the table and to update two columns: col_2 and col_3.

connect usr_1/pw_1

create table tab_1 (
   col_1   number,
   col_2   varchar2(10),
   col_3   varchar2(10),
   col_4   varchar2(10)
);

insert into tab_1 values (1, 'one', 'foo', 'important');
insert into tab_1 values (2, 'two', 'bar', 'data!'    );

grant select,
      update(       col_2, col_3)
   on tab_1
   to usr_2;

Github repository Oracle-patterns, path: /SQL/grant/table-create.sql

Select from the table

USR_2 was granted select privileges on the table and can select from the table:

connect usr_2/pw_2

select
   *
from
   usr_1.tab_1;

Github repository Oracle-patterns, path: /SQL/grant/table-select.sql

Updating the table

USR_2 is only able to update col_2 and col_3.

If the user tries to update data in another column, the error ORA-01031: insufficient privileges is thrown.

update
   usr_1.tab_1
set
   col_2 = 'TWO'
where
   col_1 = 2;

--
-- ORA-01031: insufficient privileges
--
-- update
--    usr_1.tab_1
-- set
--    col_4 = '***'
-- where
--    col_1 = 1;

Github repository Oracle-patterns, path: /SQL/grant/table-update.sql

Clean up

connect / as sysdba

drop user usr_2;
drop user usr_1 cascade;

Github repository Oracle-patterns, path: /SQL/grant/users-drop.sql